Microsoft thanks Google in a security advisory for helping it resolve an IE vulnerability that appears to have been used by state-sponsored agents to attack Gmail accounts.

Microsoft is warning of "active attacks" using a hole in its XML Core Services technology that could allow an attacker to take control of a computer if a user was enticed to open a malicious Web page using Internet Explorer.

Microsoft has a Fix it tool that blocks the attack vector for the vulnerability, but has not issued a security patch yet. Computers running Windows, Office 2003 and Office 2007 are affected.

In its security advisory on the issue, Microsoft acknowledges the Google Security Team for working with the company on the MSXML Uninitialized Memory Corruption Vulnerability. Microsoft also thanks a Chinese security team, Qihoo 360 Security Center, for reporting the vulnerability.

Related stories

Ryan Naraine at CNET sister site ZDNet, citing an unnamed source, reports that the attacks using the IE hole was the catalyst for Google's warning about state-sponsored attacks.

A Google spokesman told me that the state-sponsored warning is not tied to any specific attack but is representative of a larger class of attacks, and pointed to the company's original blog post when asked to elaborate.

So, it sounds like the IE attacks are just one of the attacks being used to target Gmail users.